[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.108' (ECDSA) to the list of known hosts.
2021/04/30 21:21:24 fuzzer started
2021/04/30 21:21:24 dialing manager at 10.128.0.169:44661
2021/04/30 21:21:24 syscalls: 3571
2021/04/30 21:21:24 code coverage: enabled
2021/04/30 21:21:24 comparison tracing: enabled
2021/04/30 21:21:24 extra coverage: enabled
2021/04/30 21:21:24 setuid sandbox: enabled
2021/04/30 21:21:24 namespace sandbox: enabled
2021/04/30 21:21:24 Android sandbox: /sys/fs/selinux/policy does not exist
2021/04/30 21:21:24 fault injection: enabled
2021/04/30 21:21:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/04/30 21:21:24 net packet injection: enabled
2021/04/30 21:21:24 net device setup: enabled
2021/04/30 21:21:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/04/30 21:21:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/04/30 21:21:24 USB emulation: enabled
2021/04/30 21:21:24 hci packet injection: enabled
2021/04/30 21:21:24 wifi device emulation: enabled
2021/04/30 21:21:24 802.15.4 emulation: enabled
2021/04/30 21:21:24 fetching corpus: 0, signal 0/2000 (executing program)
2021/04/30 21:21:25 fetching corpus: 50, signal 62527/66213 (executing program)
2021/04/30 21:21:25 fetching corpus: 100, signal 100448/105661 (executing program)
2021/04/30 21:21:25 fetching corpus: 150, signal 118547/125318 (executing program)
2021/04/30 21:21:26 fetching corpus: 200, signal 141564/149735 (executing program)
2021/04/30 21:21:26 fetching corpus: 250, signal 156535/166065 (executing program)
2021/04/30 21:21:26 fetching corpus: 300, signal 167999/178864 (executing program)
2021/04/30 21:21:27 fetching corpus: 350, signal 180263/192443 (executing program)
2021/04/30 21:21:27 fetching corpus: 400, signal 192496/205868 (executing program)
2021/04/30 21:21:28 fetching corpus: 450, signal 202272/216848 (executing program)
2021/04/30 21:21:28 fetching corpus: 500, signal 211033/226767 (executing program)
2021/04/30 21:21:28 fetching corpus: 550, signal 220171/237085 (executing program)
2021/04/30 21:21:28 fetching corpus: 600, signal 229419/247455 (executing program)
2021/04/30 21:21:29 fetching corpus: 650, signal 238893/257961 (executing program)
2021/04/30 21:21:29 fetching corpus: 700, signal 246304/266426 (executing program)
2021/04/30 21:21:29 fetching corpus: 750, signal 251527/272763 (executing program)
2021/04/30 21:21:29 fetching corpus: 800, signal 258284/280601 (executing program)
2021/04/30 21:21:30 fetching corpus: 850, signal 264488/287816 (executing program)
2021/04/30 21:21:30 fetching corpus: 900, signal 272055/296336 (executing program)
2021/04/30 21:21:30 fetching corpus: 950, signal 277938/303153 (executing program)
2021/04/30 21:21:31 fetching corpus: 1000, signal 282545/308736 (executing program)
2021/04/30 21:21:31 fetching corpus: 1050, signal 289089/316154 (executing program)
2021/04/30 21:21:31 fetching corpus: 1100, signal 295141/323051 (executing program)
2021/04/30 21:21:31 fetching corpus: 1150, signal 301531/330253 (executing program)
2021/04/30 21:21:32 fetching corpus: 1200, signal 308026/337516 (executing program)
2021/04/30 21:21:32 fetching corpus: 1250, signal 312089/342461 (executing program)
2021/04/30 21:21:32 fetching corpus: 1300, signal 317715/348894 (executing program)
2021/04/30 21:21:32 fetching corpus: 1350, signal 325568/357354 (executing program)
2021/04/30 21:21:33 fetching corpus: 1400, signal 331004/363530 (executing program)
2021/04/30 21:21:33 fetching corpus: 1450, signal 337054/370199 (executing program)
2021/04/30 21:21:33 fetching corpus: 1500, signal 342475/376244 (executing program)
syzkaller login: [ 81.998200][ T1658] ==================================================================
[ 82.006442][ T1658] BUG: KASAN: slab-out-of-bounds in blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.014341][ T1658] Read of size 8 at addr ffff88801dd968d8 by task khugepaged/1658
[ 82.022135][ T1658]
[ 82.024447][ T1658] CPU: 1 PID: 1658 Comm: khugepaged Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
[ 82.033979][ T1658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.044024][ T1658] Call Trace:
[ 82.047295][ T1658]  dump_stack+0x141/0x1d7
[ 82.051645][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.056841][ T1658]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 82.063867][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.069066][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.074283][ T1658]  kasan_report.cold+0x7c/0xd8
[ 82.079049][ T1658]  ? finish_wait+0x210/0x260
[ 82.083634][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.088837][ T1658]  blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.093862][ T1658]  __blk_mq_alloc_request+0x387/0x580
[ 82.099244][ T1658]  blk_mq_submit_bio+0x461/0x17d0
[ 82.104269][ T1658]  ? blk_mq_try_issue_list_directly+0x940/0x940
[ 82.110556][ T1658]  ? lock_downgrade+0x6e0/0x6e0
[ 82.115444][ T1658]  submit_bio_noacct+0xad2/0xf20
[ 82.120386][ T1658]  ? lockdep_hardirqs_on+0x79/0x100
[ 82.125585][ T1658]  ? blk_queue_enter+0xb60/0xb60
[ 82.130524][ T1658]  ? __pagevec_release+0x77/0x100
[ 82.135544][ T1658]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 82.141263][ T1658]  ? mpage_release_unused_pages+0x5e1/0x880
[ 82.147161][ T1658]  submit_bio+0x263/0x5e0
[ 82.151509][ T1658]  ? submit_bio_noacct+0xf20/0xf20
[ 82.156642][ T1658]  ? ext4_bio_write_page+0xf97/0x1eb0
[ 82.162008][ T1658]  ? put_pages_list+0x3e0/0x3e0
[ 82.166867][ T1658]  ext4_io_submit+0x181/0x210
[ 82.171554][ T1658]  ext4_writepages+0x1452/0x3ba0
[ 82.176511][ T1658]  ? __ext4_mark_inode_dirty+0x8d0/0x8d0
[ 82.182161][ T1658]  ? mark_lock+0xef/0x17b0
[ 82.186597][ T1658]  ? find_held_lock+0x2d/0x110
[ 82.191360][ T1658]  ? __ext4_mark_inode_dirty+0x8d0/0x8d0
[ 82.197007][ T1658]  do_writepages+0xec/0x290
[ 82.201512][ T1658]  ? writeback_set_ratelimit+0x150/0x150
[ 82.208879][ T1658]  ? do_raw_spin_lock+0x120/0x2b0
[ 82.213900][ T1658]  ? do_raw_spin_unlock+0x171/0x230
[ 82.219091][ T1658]  ? _raw_spin_unlock+0x24/0x40
[ 82.223932][ T1658]  ? wbc_attach_and_unlock_inode+0x117/0x9e0
[ 82.229915][ T1658]  __filemap_fdatawrite_range+0x2a5/0x390
[ 82.235649][ T1658]  ? delete_from_page_cache_batch+0xe10/0xe10
[ 82.241718][ T1658]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.246912][ T1658]  collapse_file+0x30db/0x39d0
[ 82.251678][ T1658]  ? __collapse_huge_page_isolate+0x1830/0x1830
[ 82.257941][ T1658]  ? xas_find+0x2fe/0x7d0
[ 82.262289][ T1658]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.268545][ T1658]  ? khugepaged_find_target_node+0x162/0x1e0
[ 82.274525][ T1658]  khugepaged+0x2caa/0x5320
[ 82.279042][ T1658]  ? collapse_pte_mapped_thp+0xdb0/0xdb0
[ 82.284693][ T1658]  ? __kthread_parkme+0xad/0x1e0
[ 82.289644][ T1658]  ? lock_downgrade+0x6e0/0x6e0
[ 82.294508][ T1658]  ? finish_wait+0x260/0x260
[ 82.299101][ T1658]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 82.305349][ T1658]  ? __kthread_parkme+0x13f/0x1e0
[ 82.310398][ T1658]  ? collapse_pte_mapped_thp+0xdb0/0xdb0
[ 82.316034][ T1658]  kthread+0x3b1/0x4a0
[ 82.320096][ T1658]  ? __kthread_bind_mask+0xc0/0xc0
[ 82.325201][ T1658]  ret_from_fork+0x1f/0x30
[ 82.329633][ T1658]
[ 82.331955][ T1658] Allocated by task 1:
[ 82.336009][ T1658]  kasan_save_stack+0x1b/0x40
[ 82.340687][ T1658]  __kasan_kmalloc+0x9b/0xd0
[ 82.345271][ T1658]  device_create_groups_vargs+0x8a/0x280
[ 82.350899][ T1658]  device_create+0xdf/0x120
[ 82.355398][ T1658]  mon_bin_add+0xb7/0x160
[ 82.359725][ T1658]  mon_bus_init+0x18e/0x320
[ 82.364222][ T1658]  mon_notify+0x32c/0x490
[ 82.368545][ T1658]  notifier_call_chain+0xb5/0x200
[ 82.373572][ T1658]  blocking_notifier_call_chain+0x67/0x90
[ 82.379291][ T1658]  usb_add_hcd.cold+0x3ad/0x1816
[ 82.384246][ T1658]  vhci_hcd_probe+0x150/0x3a0
[ 82.388919][ T1658]  platform_probe+0xfc/0x1f0
[ 82.393516][ T1658]  really_probe+0x291/0xf60
[ 82.398038][ T1658]  driver_probe_device+0x298/0x410
[ 82.403143][ T1658]  __device_attach_driver+0x203/0x2c0
[ 82.408511][ T1658]  bus_for_each_drv+0x15f/0x1e0
[ 82.413363][ T1658]  __device_attach+0x228/0x4b0
[ 82.418126][ T1658]  bus_probe_device+0x1e4/0x290
[ 82.422974][ T1658]  device_add+0xbe0/0x2100
[ 82.427410][ T1658]  platform_device_add+0x363/0x820
[ 82.432512][ T1658]  vhci_hcd_init+0x341/0x485
[ 82.437113][ T1658]  do_one_initcall+0x103/0x650
[ 82.441875][ T1658]  kernel_init_freeable+0x63e/0x6c7
[ 82.447071][ T1658]  kernel_init+0xd/0x1c0
[ 82.451309][ T1658]  ret_from_fork+0x1f/0x30
[ 82.455719][ T1658]
[ 82.458029][ T1658] The buggy address belongs to the object at ffff88801dd96000
[ 82.458029][ T1658]  which belongs to the cache kmalloc-2k of size 2048
[ 82.472070][ T1658] The buggy address is located 216 bytes to the right of
[ 82.472070][ T1658]  2048-byte region [ffff88801dd96000, ffff88801dd96800)
[ 82.485947][ T1658] The buggy address belongs to the page:
[ 82.492257][ T1658] page:ffffea0000776400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1dd90
[ 82.502400][ T1658] head:ffffea0000776400 order:3 compound_mapcount:0 compound_pincount:0
[ 82.510713][ T1658] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 82.518692][ T1658] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888011042000
[ 82.527267][ T1658] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 82.535835][ T1658] page dumped because: kasan: bad access detected
[ 82.542230][ T1658]
[ 82.544540][ T1658] Memory state around the buggy address:
[ 82.550154][ T1658]  ffff88801dd96780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.558292][ T1658]  ffff88801dd96800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.566342][ T1658] >ffff88801dd96880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.574479][ T1658]                                                     ^
[ 82.581397][ T1658]  ffff88801dd96900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.589446][ T1658]  ffff88801dd96980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 82.597489][ T1658] ==================================================================
[ 82.605532][ T1658] Disabling lock debugging due to kernel taint
[ 82.612123][ T1658] Kernel panic - not syncing: panic_on_warn set ...
[ 82.618732][ T1658] CPU: 0 PID: 1658 Comm: khugepaged Tainted: G B 5.12.0-rc8-next-20210423-syzkaller #0
[ 82.629671][ T1658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.639729][ T1658] Call Trace:
[ 82.643012][ T1658]  dump_stack+0x141/0x1d7
[ 82.647363][ T1658]  panic+0x306/0x73d
[ 82.651271][ T1658]  ? __warn_printk+0xf3/0xf3
[ 82.655876][ T1658]  ? preempt_schedule_common+0x59/0xc0
[ 82.661351][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.666569][ T1658]  ? preempt_schedule_thunk+0x16/0x18
[ 82.671979][ T1658]  ? trace_hardirqs_on+0x38/0x1c0
[ 82.677014][ T1658]  ? trace_hardirqs_on+0x51/0x1c0
[ 82.682054][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.687261][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.692472][ T1658]  end_report.cold+0x5a/0x5a
[ 82.697072][ T1658]  kasan_report.cold+0x6a/0xd8
[ 82.701855][ T1658]  ? finish_wait+0x210/0x260
[ 82.706453][ T1658]  ? blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.711694][ T1658]  blk_mq_rq_ctx_init+0xe14/0xe90
[ 82.716754][ T1658]  __blk_mq_alloc_request+0x387/0x580
[ 82.722142][ T1658]  blk_mq_submit_bio+0x461/0x17d0
[ 82.727184][ T1658]  ? blk_mq_try_issue_list_directly+0x940/0x940
[ 82.733441][ T1658]  ? lock_downgrade+0x6e0/0x6e0
[ 82.738311][ T1658]  submit_bio_noacct+0xad2/0xf20
[ 82.743267][ T1658]  ? lockdep_hardirqs_on+0x79/0x100
[ 82.748507][ T1658]  ? blk_queue_enter+0xb60/0xb60
[ 82.753461][ T1658]  ? __pagevec_release+0x77/0x100
[ 82.758499][ T1658]  ? __sanitizer_cov_trace_cmp8+0x1d/0x70
[ 82.764262][ T1658]  ? mpage_release_unused_pages+0x5e1/0x880
[ 82.770255][ T1658]  submit_bio+0x263/0x5e0
[ 82.774602][ T1658]  ? submit_bio_noacct+0xf20/0xf20
[ 82.779724][ T1658]  ? ext4_bio_write_page+0xf97/0x1eb0
[ 82.785154][ T1658]  ? put_pages_list+0x3e0/0x3e0
[ 82.790013][ T1658]  ext4_io_submit+0x181/0x210
[ 82.794674][ T1658]  ext4_writepages+0x1452/0x3ba0
[ 82.799715][ T1658]  ? __ext4_mark_inode_dirty+0x8d0/0x8d0
[ 82.805347][ T1658]  ? mark_lock+0xef/0x17b0
[ 82.809778][ T1658]  ? find_held_lock+0x2d/0x110
[ 82.814553][ T1658]  ? __ext4_mark_inode_dirty+0x8d0/0x8d0
[ 82.820189][ T1658]  do_writepages+0xec/0x290
[ 82.824704][ T1658]  ? writeback_set_ratelimit+0x150/0x150
[ 82.830347][ T1658]  ? do_raw_spin_lock+0x120/0x2b0
[ 82.835362][ T1658]  ? do_raw_spin_unlock+0x171/0x230
[ 82.841338][ T1658]  ? _raw_spin_unlock+0x24/0x40
[ 82.846194][ T1658]  ? wbc_attach_and_unlock_inode+0x117/0x9e0
[ 82.852182][ T1658]  __filemap_fdatawrite_range+0x2a5/0x390
[ 82.857902][ T1658]  ? delete_from_page_cache_batch+0xe10/0xe10
[ 82.864017][ T1658]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 82.869244][ T1658]  collapse_file+0x30db/0x39d0
[ 82.873998][ T1658]  ? __collapse_huge_page_isolate+0x1830/0x1830
[ 82.880244][ T1658]  ? xas_find+0x2fe/0x7d0
[ 82.884583][ T1658]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 82.890847][ T1658]  ? khugepaged_find_target_node+0x162/0x1e0
[ 82.896842][ T1658]  khugepaged+0x2caa/0x5320
[ 82.901344][ T1658]  ? collapse_pte_mapped_thp+0xdb0/0xdb0
[ 82.906971][ T1658]  ? __kthread_parkme+0xad/0x1e0
[ 82.911962][ T1658]  ? lock_downgrade+0x6e0/0x6e0
[ 82.916818][ T1658]  ? finish_wait+0x260/0x260
[ 82.921401][ T1658]  ? __sanitizer_cov_trace_const_cmp1+0x22/0x80
[ 82.927659][ T1658]  ? __kthread_parkme+0x13f/0x1e0
[ 82.932684][ T1658]  ? collapse_pte_mapped_thp+0xdb0/0xdb0
[ 82.938314][ T1658]  kthread+0x3b1/0x4a0
[ 82.942384][ T1658]  ? __kthread_bind_mask+0xc0/0xc0
[ 82.947526][ T1658]  ret_from_fork+0x1f/0x30
[ 82.952652][ T1658] Kernel Offset: disabled
[ 82.956984][ T1658] Rebooting in 86400 seconds..